
Tapioca DAO 


The first ever Omnichain money market, powered by LayerZero. 



Start date: 5 Jul 1:00 PM
End date: 4 Aug 1:00 PM
Total awards: $390,000 USDC
Duration: about 1 month



Tapioca audit details 


• Total Prize Pool: $390,000 USDC
• HM awards: $222,338 USDC
• Analysis awards: $13,476 USDC
• QA awards: $6,737 USDC
• Bot Race awards: $20,212 USDC
• Gas awards: $6,737 USDC
• Judge awards: $26,000 USDC
• Lookout awards: $12,000 USDC
• Scout awards: $500 USDC
• Mitigation Review: $82,000 USDC (opportunity goes to the top 5 certified wardens based on placement in this audit)
• Join C4 Discord to register
• Submit findings using the C4 form
• Read our guidelines for more details
• Starts July 05, 2023 20:00 UTC
• Ends August 04, 2023 20:00 UTC


Automated Findings / Publicly Known Issues 


Automated findings output for the audit can be found here. Important: click "Raw" to view the entire report, as it is truncated in the default view.

Note for C4 wardens: anything included in the automated findings output is considered a publicly known issue and is ineligible for awards.

We are aware of the issue with _ld2sdRate(). Currently, if isLdChain isn't set to true for the chain within the deployment of the token, the maximum amount of token that can be sent is equal to 18e18.
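To make that limit concrete, here is an added JavaScript model of the LayerZero OFTv2 local-to-shared decimal conversion that the issue comes from; it is not code from the Tapioca repositories or from LayerZero. It assumes (as the note implies) that a token deployed without isLdChain keeps sharedDecimals equal to its local decimals, so the ld2sd rate is 1 and a single send is capped by the uint64 shared-decimal amount, about 18.4e18 base units, the 18e18 figure quoted above.

```javascript
// Added model of LayerZero OFTv2's local-decimals (LD) -> shared-decimals (SD)
// conversion, written to illustrate the known _ld2sdRate() issue. It is not
// code from the Tapioca repositories. All amounts are BigInt base units.
const UINT64_MAX = (1n << 64n) - 1n;

// OFTv2 computes _ld2sdRate() as 10 ** (decimals - sharedDecimals).
function ld2sdRate(decimals, sharedDecimals) {
  if (sharedDecimals > decimals) throw new Error("sharedDecimals exceeds decimals");
  return 10n ** BigInt(decimals - sharedDecimals);
}

// Assumption for this example: with isLdChain unset, sharedDecimals is left
// equal to the token's own decimals, so the rate collapses to 1.
function effectiveSharedDecimals(decimals, sharedDecimals, isLdChain) {
  return isLdChain ? sharedDecimals : decimals;
}

// OFTv2 _ld2sd(): the amount is scaled down by the rate and must fit in a
// uint64 (the on-chain version reverts with "amountSD overflow" otherwise).
// Returns null where the contract would revert.
function ld2sd(amountLD, decimals, sharedDecimals, isLdChain) {
  const sd = effectiveSharedDecimals(decimals, sharedDecimals, isLdChain);
  const amountSD = amountLD / ld2sdRate(decimals, sd);
  return amountSD > UINT64_MAX ? null : amountSD;
}

// Largest amount (in LD base units) a single cross-chain send can carry.
function maxSendableLD(decimals, sharedDecimals, isLdChain) {
  const sd = effectiveSharedDecimals(decimals, sharedDecimals, isLdChain);
  return UINT64_MAX * ld2sdRate(decimals, sd);
}

// Deployment check: true when the cap is at least `minTokens` whole tokens,
// i.e. the chain was deployed with the decimal scaling actually in effect.
function capIsSufficient(decimals, sharedDecimals, isLdChain, minTokens) {
  const minLD = minTokens * 10n ** BigInt(decimals);
  return maxSendableLD(decimals, sharedDecimals, isLdChain) >= minLD;
}

// Usage on constructed values: an 18-decimal token deployed with sharedDecimals 6.
const ONE = 10n ** 18n;
console.log(maxSendableLD(18, 6, false).toString());   // 18446744073709551615 (~18.4 tokens)
console.log(maxSendableLD(18, 6, true).toString());    // 18446744073709551615000000000000
console.log(ld2sd(20n * ONE, 18, 6, false));           // null: 20 tokens cannot be sent
console.log(ld2sd(20n * ONE, 18, 6, true).toString()); // 20000000
```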


Prior audits can be viewed here, and their contents are also considered known issues and ineligible for awards. It is recommended that wardens read both Certora reports for helpful context.

In particular, note that the issue described as "First depositor can steal value of some subsequent deposits" in the Certora audit is a known issue.


Overview 


The Tapioca protocol is built from many different smart contracts, spread across 5 repositories.

It is an Omnichain protocol working on the LayerZero messaging layer. At its core, the Tapioca ERC20/ERC721 contracts use the LayerZero OFTv2 and ONFT721 contracts.

The main repository is tapioca-bar, which contains USDO, a stablecoin; BigBang, a CDP-based contract that mints and burns USDO; and Singularity, a lending and borrowing platform.

The other repos support the ecosystem and create synergy between the tokenomics and the protocol features.

• tap-token: contracts related to the tokenomics; linked to tapioca-bar in an asymmetric way.
• tapiocaz: contains a wrapper named TOFT, which is used to wrap gas tokens and allow their transfer and usage through the LayerZero network.
• tapioca-periph: periphery contracts. The main contract is MagnetarV2, which acts as a helper that reduces the number of actions/transactions a user has to take.
• YieldBox: a "BentoBox v2". Acts as a vault that allows yield strategies to be applied to the asset.
• yieldbox-strategies: yield strategies that will be used by a YieldBox asset.


[Figure: tapioca-userflow]


Notes 
• The docs provide a lot of information about the protocol and the user flow; given the size of the protocol, we encourage checking it at
• MagnetarV2 does not have access control by design. The underlying contracts are the ones that implement it (can be found on TOFT, Singularity, USDO, TapiocaOptionBroker).
• Re-entrancy on an ownable contract should be considered a vulnerability only if the last call leads to an external call with a potential vulnerability.


Files in scope

File | SLOC | Description | Libraries

tapioca-bar-audit

Contracts
tapioca-bar-audit/contracts/markets/singularity/SGLCollateral.sol | | Singularity collateral module |
tapioca-bar-audit/contracts/markets/singularity/SGLBorrow.sol | | Singularity borrowing module |
tapioca-bar-audit/contracts/usdo/BaseUSDOStorage.sol | | Base USDO contract | tapioca-sdk/*, @openzeppelin/*, tapioca-periph/*
tapioca-bar-audit/contracts/usdo/USDO.sol | | USDO stablecoin | tapioca-sdk/*, tapioca-periph/*
tapioca-bar-audit/contracts/markets/singularity/SGLLendingCommon.sol | 78 | Singularity base contract |
tapioca-bar-audit/contracts/markets/singularity/SGLStorage.sol | | Singularity storage layout | @boringcrypto/*, tapioca-periph/*, tapioca-sdk/*
tapioca-bar-audit/contracts/markets/singularity/SGLLeverage.sol | | Singularity module for leverage |
tapioca-bar-audit/contracts/markets/MarketERC20.sol | | Base contract for Market.sol |
tapioca-bar-audit/contracts/markets/singularity/SGLCommon.sol | | Singularity base contract |
tapioca-bar-audit/contracts/usdo/modules/USDOMarketModule. | | USDO Module for Singularity |
tapioca-bar-audit/contracts/usdo/modules/USDOOptionsModule. | | USDO Module for TapiocaBrokerOption.sol calls |
tapioca-bar-audit/contracts/usdo/modules/USDOLeverageModul | | USDO Module for leverage |
tapioca-bar-audit/contracts/markets/singularity/SGLLiquidation.sol | | Singularity module for liquidations |
tapioca-bar-audit/contracts/usdo/BaseUSDO.sol | | Custom LayerZero OFT logic, inherited in USDO |
tapioca-bar-audit/contracts/Penrose.so | | Owner contract for USDO & BB |
tapioca-bar-audit/contracts/markets/si | | Lending & borrowing | tapioca-periph/*, tapioca-sdk/*
tapioca-bar-audit/contracts/markets/bigBang/BigBang.sol | | Mint and burn USDO through CDP | @boringcrypto/*, tapioca-periph/*

Library cells for the nine rows from SGLLeverage.sol to Penrose, in page order (row alignment was lost in extraction): tapioca-periph/*; @boringcrypto/*, @openzeppelin/*; tapioca-sdk/*, @boringcrypto/*, tapioca-periph/*; tapioca-sdk/*, tapioca-periph/*; tapioca-sdk/*, tapioca-periph/*; tapioca-sdk/*, @openzeppelin/*; tapioca-periph/*; @boringcrypto/*, tapioca-sdk/*, tapioca-periph/*.

Abstracts (1)
tapioca-bar-audit/contracts/markets/Market.sol | | Base contract for BigBang & Singularity | @boringcrypto/*, tapioca-sdk/*, tapioca-periph/*

Total (over 18 files)

tapiocaz-audit

Contracts (10)
tapiocaz-audit/contracts/tOFT/TapiocaOFT.sol | | OFTv2 compliant wrapped token, with new custom functions | tapioca-sdk/*
tapiocaz-audit/contracts/tOFT/BaseTOFTStorage.sol | | Base TOFT EVM storage layout | @openzeppelin/*
tapiocaz-audit/contracts/tOFT/mTapiocaOFT.sol | | Special TOFT implementation that can balance its supply | tapioca-periph/*
tapiocaz-audit/contracts/TapiocaWr | | TOFT create2 deployer | tapioca-periph/*, @openzeppelin/*
tapiocaz-audit/contracts/tOFT/modules/BaseTOFTStrategyModule.sol | | Base TOFT YieldBox module | tapioca-sdk/*, tapioca-periph/*
tapiocaz-audit/contracts/Balancer.sol | | Contract that balances out a mTapiocaOFT supply | tapioca-periph/*, solmate/*
tapiocaz-audit/contracts/tOFT/modules/BaseTOFTMarketModule.sol | | Base TOFT Singularity market module | @openzeppelin/*
tapiocaz-audit/contracts/tOFT/modules/BaseTOFTOptionsModule.sol | | Base TOFT TapiocaOptionBroker market module | tapioca-sdk/*, tapioca-periph/*
tapiocaz-audit/contracts/tOFT/modules/BaseTOFTLeverageModule.sol | | Base TOFT leverage module | tapioca-sdk/*, tapioca-periph/*
tapiocaz-audit/contracts/tOFT/BaseTOFT.sol | | Base TOFT contract | tapioca-sdk/*, tapioca-periph/*

Total (over 10 files)

tap-token-audit

Contracts (9)
tap-token-audit/contracts/tokens/LTap.sol | | ERC20 aoTAP 1:1 redeemer | @boringcrypto/*, @openzeppelin/*
tap-token-audit/contracts/options/oTAP.sol | | ERC721 Option meta contract | @boringcrypto/*, @openzeppelin/*, tapioca-sdk/*
tap-token-audit/contracts/option-airdrop/aoTAP.sol | | Forked version of oTAP | @boringcrypto/*, @openzeppelin/*, tapioca-sdk/*
tap-token-audit/contracts/Vesting.sol | | Vesting contract | @openzeppelin/*, @boringcrypto/*
tap-token-audit/contracts/tokens/TapOFT.sol | | Tapioca protocol token | @openzeppelin/*
tap-token-audit/contracts/options/TapiocaOptionLiquidityProvision.sol | | Singularity ERC20 receipt token vault | @boringcrypto/*, @openzeppelin/*, tapioca-sdk/*
tap-token-audit/contracts/option-airdrop/AirdropBroker.sol | | Smaller version of TapiocaOptionBroker to mint & exercise LTAP | @openzeppelin/*, @boringcrypto/*, tapioca-periph/*
tap-token-audit/contracts/governance/twTAP.sol | | ONFT721 governance token | tapioca-sdk/*, @openzeppelin/*
tap-token-audit/contracts/options/TapiocaOptionBroker.sol | | Mint & exercise oTAP | @boringcrypto/*, @openzeppelin/*, tapioca-periph/*

Abstracts (2)
tap-token-audit/contracts/twAML.so | | Math library |
tap-token-audit/contracts/tokens/BaseTapOFT.sol | | Base TapOFT contract | tapioca-sdk/*, @openzeppelin/*

tapioca-periph-audit

Contracts (12)
tapioca-periph-audit/contracts/oracle/implementations/GLPOracle.sol | | |
tapioca-periph-audit/contracts/TapiocaDe | | Tapioca contract deployer |
tapioca-periph-audit/contracts/oracle/implementations/SGOracle.sol | 57 | Stargate finance oracle | @chainlink/*
tapioca-periph-audit/contracts/oracle/Seer.sol | | Oracle contract, uses best of ChainLink/UniV3 price feed |
tapioca-periph-audit/contracts/Multicall/Multicall3.sol | | Multicall contract | @openzeppelin/*
tapioca-periph-audit/contracts/oracle/implementations/ARBTriCryptoOracle.sol | | TriCrypto oracle | @chainlink/*, @openzeppelin/*, solady/*
tapioca-periph-audit/contracts/Swapper/CurveSwapper.sol | | Curve swapper contract | @openzeppelin/*
tapioca-periph-audit/contracts/Swapper/UniswapV2Swapper.sol | | UniV2 swapper contract |
tapioca-periph-audit/contracts/Swapper/UniswapV3Swapper.sol | | UniV3 swapper contract | @uniswap/*, @openzeppelin/*
tapioca-periph-audit/contracts/Magnetar/MagnetarV2Storage.sol | | Magnetar storage layout | @boringcrypto/*, tapioca-sdk/*
tapioca-periph-audit/contracts/Magnetar/modules/MagnetarMarketModule.sol | | Magnetar Singularity module | tapioca-sdk/*, @openzeppelin/*
tapioca-periph-audit/contracts/Magnetar/MagnetarV2.sol | | Helper contract that interacts with Singularity, BigBang, TapiocaOptionBroker | @openzeppelin/*

Abstracts (1)
tapioca-periph-audit/contracts/Swapper/BaseSwapper.sol | | Base swapper contract for other swapper contracts | @openzeppelin/*, tapioca-sdk/*

Total (over 13 files)

tapioca-yieldbox-strategies-audit

Contracts (10)
tapioca-yieldbox-strategies-audit/contracts/yearn/YearnStrategy.sol | | Yearn strat | @openzeppelin/*, @boringcrypto/*, tapioca-sdk/*
tapioca-yieldbox-strategies-audit/contracts/compound/CompoundStrategy.sol | | Compound strat | @openzeppelin/*, @boringcrypto/*, tapioca-sdk/*
tapioca-yieldbox-strategies-audit/contracts/lido/LidoEthStrategy.sol | | TriCrypto LP strat | @openzeppelin/*, @boringcrypto/*, tapioca-sdk/*
tapioca-yieldbox-strategies-audit/contracts/curve/TricryptoNativeStrategy.sol | | TriCrypto native strat | @openzeppelin/*, @boringcrypto/*, tapioca-sdk/*
tapioca-yieldbox-strategies-audit/contracts/curve/TricryptoLPStrategy.sol | | TriCrypto LP strat | @openzeppelin/*, @boringcrypto/*, tapioca-sdk/*
tapioca-yieldbox-strategies-audit/contracts/stargate/StargateStrategy.sol | | Stargate strat | @openzeppelin/*, @boringcrypto/*, tapioca-sdk/*
tapioca-yieldbox-strategies-audit/contracts/aave/AaveStrategy.sol | | Stargate strat | @openzeppelin/*, @boringcrypto/*, tapioca-sdk/*
tapioca-yieldbox-strategies-audit/contracts/balancer/BalancerStrategy.sol | | Balancer strat | @openzeppelin/*, @boringcrypto/*, tapioca-sdk/*
tapioca-yieldbox-strategies-audit/contracts/glp/GlpStrategy.sol | | GLP strat | @boringcrypto/*, @uniswap/*, tapioca-sdk/*
tapioca-yieldbox-strategies-audit/contracts/convex/ConvexTricryptoStrategy.sol | | TriCrypto strat | @openzeppelin/*, @boringcrypto/*, tapioca-sdk/*

Total (over 10 files)

YieldBox

Contracts (3)
YieldBox/contracts/YieldBoxURIBuilder.sol | | |
YieldBox/contracts/YieldBox.sol | | Main YieldBox contract | @boringcrypto/*

Libraries (2)
YieldBox/contracts/BoringMath.sol | | Math lib for internal accounting | @boringcrypto/*

Description cells on this page whose file names were lost in extraction: "Creates ERC1155 tokens, inherited by YieldBox" (@openzeppelin/*, @boringcrypto/*) and "EIP-2612 for YieldBox" (@openzeppelin/*).

• @openzeppelin/contracts/
• @chainlink/
• solady/
• @rari-capital/solmate

Additional Context 


twAML is a simple model that is used in twTAP and TapiocaOptionBroker. A detailed explanation of how it works can be found here.


Scoping Details

If you have a public code repo, please share it here: https://g:
How many contracts are in scope?: 62
Total SLoC for these contracts?: 13499
How many external imports are there?: 15
How many separate interfaces and struct definitions are there fol
Does most of your code generally use composition or inheritance?
How many external calls?: 10
What is the overall line coverage percentage provided by your te:
Is there a need to understand a separate part of the codebase / :
Please describe required context: n/a
Does it use an oracle?: Custom oracle that may use Chainlink or
Does the token conform to the ERC20 standard?: True / also non-l
Are there any novel or unique curve logic or mathematical models
Does it use a timelock function?: True
Is it an NFT?:
Does it have an AMM:
Is it a fork of a popular project?: True; Heavily modified versi
Does it use rollups?:
Is it multi-chain?: True
Does it use a side-chain?: False
Describe any specific areas you would like addressed. E.g. Pleast


Tap-Token repo:
Integrity of twAML model within the used contracts (TapiocaOptionBi
Correct user participation and exit on twAML contracts (tOB, tDP).
Proper OTC deal execution on tOB.

Tapioca-Bar repo:
Lending & borrowing mechanism.
Function access with lend/borrow approval/permit.
Closed liquidations.

TapiocaZ repo:
mTapiocaOFT/Balancer contract balancing mechanism.


QuickStart

export ALCHEMY_API_KEY="<your-alchemy-api-key>" && export PRIVATE


Tests 


Some tests are skipped, either because they require a specific chain (some tests run solely on Mainnet, others on Arbitrum), or because they exist only as helpers, or because they are too old and have not been cleaned up.


Hardhat tests:

Setup
yarn
npx hardhat compile

Test
npx hardhat test

Gas cost
Set the enabled key to true in hardhat.export.ts > config.gasReporter:

gasReporter: {
  enabled: true,
},


Slither

Slither does not currently work on the tapioca-periph-audit repo. If you find a workaround, please share it in the Discord.

Coverage

Coverage is broken for some repos because we use IR compilation. Disabling it might output a "stack too deep" compilation error.

